[in2code/lux] SQL Injection in typo3 extension “LUX – TYPO3 Marketing Automation”

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-35628
• https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/lux/CVE-2022-35628.yaml
• https://typo3.org/security/advisory/typo3-ext-sa-2022-014
• https://github.com/advisories/GHSA-rpxg-hg79-h8q9